Docket No.: 15437-0508 



REMARKS 

Reconsideration of the application in view of the above amendments and the 
following remarks is respectfully requested. Claims 1 and 17 have been amended, and 
Claims 33-36 have been added. No claims have been canceled. Claims 1-36 are 
currently pending in the application. 



Claim Rejections - 35 U.S.C. § 102(b) 
In the Office Action, the Examiner rejected Claims 1-2, 4, 7-8, 10, 12-18, 20, 23- 
24, 26, and 28-32 under 35 U.S.C. § 102(b) as being anticipated by U.S. Patent No. 
5,842,002 issued to Schnurer et al. ("Schnurer"). Claims 1 and 17 have been amended to 
more particularly identify and distinctly claim subject matter to which the Applicant 
wishes to receive patent protection. The Applicant reserves the right to pursue the 
subject matter featured in original Claims 1 and 17 in the present application or a 
continuation application. 

Independent Claim 1 
With regard to independent Claim 1, there is recited: 

A computer-implemented method for generating a transformation document, 
comprising: 

establishing a limited environment within a general environment , wherein said 
limited environment comprises at least one mock resource, wherein said general 
environment comprises at least one real resource, and wherein said limited environment 
and said general environment are both implemented using the same type of operating 
system ; 

executing at least a portion of an untrusted program within said limited 
environment; and 

examining said limited environment after execution of at least said portion of said 
untrusted program to check for undesirable behavior exhibited by said 
untrusted program (emphasis added). 
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Claim 1 provides an advantageous method for executing an untrusted program. 
According to Claim 1, a computer-implemented method establishes a limited 
environment within a general environment, executes at least a portion of an untrusted 
program within the limited environment, and examines the limited environment after 
execution to check for undesirable behavior exhibited by the untrusted program. As the 
limited environment and the general environment are both implemented using the same 
type of operating system, numerous advantageous are realized, e.g., the untrusted 
program may be examined in an environment that implants the same type of operating 
system as the general environment. Also, in an embodiment, there is no need for a 
different operating system or a different machine to implement both the limited 
environment and the general environment. 

Such a method is neither disclosed nor suggested by Schnurer. Instead, Schnurer 
discloses an approach for a computer virus trapping device that creates a virtual world 
that simulates the host computer system intended by the virus to infect (Abstract). The 
computer virus trapping device includes an emulation means that emulates a foreign 
operating environment (Col. 7, lines 4-18). Schnurer states "a foreign operating system 
different from the one being protected is introduced into the data stream before the data 
arrives at the computer system to be protected" (Col. 4, lines 17-20). The computer virus 
trapping device is placed in front of a node to be protected, and the computer virus 
trapping device passes data directly through to the host system in addition to 
simultaneously processing it. (Col 6, lines 57-58; trap device 10 in FIG. 3 and FIG. 4; 
Col. 8, lines 50-52). 
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While Schnurer addresses the generally similar subject matter of executing a 
potential computer virus in an emulated environment, it should be noted that the approach 
of Schnurer differs in significant ways from the subject matter of Claim 1. As discussed 
above, Schnurer teaches a method in which a foreign operating system, different from the 
one being protected, is introduced into the data stream before the data arrives at the 
computer system to be protected (Col. 4, lines 17-20). Thus, Schnurer teaches that the 
emulated environment and the protected environment are both (a) distinct, and (b) 
implemented using different operating systems. 

In sharp contract, the method of Claim 1 discloses an approach wherein the 
limited environment is within a general environment. For example, Fig. 1 of the 
Applicant's patent application shows a system 100 (corresponding to the general 
environment). The general environment includes a limited environment 110. 

Rather than showing a limited environment within a general environment, 
Schnurer shows an emulated environment (generated by emulation means 48 on virus 
trapping device 10) that is completely separate from the general environment to be 
protected. For example, FIG. 3, and the corresponding description, of Schnurer makes 
clear that virus trapping device 10 is separate from the general environment. Schnurer 
states "the file server 42 is the computer system to be protected. The virus trapping 
device 10 is placed in the data stream that connects the filer [sic] server 42 to other 
workstations 38. . .In this scenario, all traffic to and from the file server 42 is monitored 
for viruses by the trap 10" (Col. 6, lines 42-50). Thus, the approach of Schnurer cannot 
possibly show "establishing a limited environment within a general environment" as 
featured in Claim 1 . 
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Another distinction between Schnurer and the approach of Claim 1 is that Claim 1 
discloses an approach wherein the limited environment and the general environment are 
both implemented using the same type of operating system. In contrast, Schnurer states 
"without the use of a foreign operating system the invention itself risks contamination. A 
foreign operating system different from the one being protected is introduced into the 
data stream before the data arrives at the computer system to be protected" (Col. 4, lines 
16-20). Schnurer teaches, "the virus cannot escape the emulation box 48 because the box 
exists in a foreign operating environment. . ." (Col. 7, lines 15-16). Thus, it is clear that 
the approach of Schnurer requires the emulated environment to be implemented using a 
different type of operation system than the protected system to prevent viruses from 
escaping into the protected system. 

While Schnurer raises the possibility that its approach "can be done without a 

transplatform," Schnurer strongly teaches away from such an approach by further stating: 

"it will be slow and absolutely unsafe. The use of a foreign operating 
system can be likened to the use of lead walls and glass walls and 
mechanical arms used by people manipulating radioactive materials in a 
lab. While it is certainly possible to pick up radioactivity with one's bare 
hands, it is not highly recommended or is it safe. While the invention can 
• be had without the use of a foreign operating system, it is not highly 
recommended nor is it safe" (Col. 4, line 63 - Col. 5, line 5). 

Thus, to the extent that Schnurer teaches an operational embodiment, a foreign 
operating system is required. As a result, the approach of Schnurer cannot possibly show 
"wherein said limited environment and said general environment are both implemented 
using the same type of operating system" as featured in Claim 1. 

As argued above, Schnurer neither discloses nor suggests "establishing a limited 
environment within a general environment, wherein said limited environment comprises 
at least one mock resource, wherein said general environment comprises at least one real 
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resource, and wherein said limited environment and said general environment are both 
implemented using the same type of operating system," as recited in Claim 1. Therefore, 
Applicant submits that Claim 1 is patentable over Schnurer. 

Claims 2-16 and New Claims 33 and 35 are dependent claims, each of which 
depends (directly or indirectly) on Claim 1. Each of Claims 2-16, 33, and 35 is therefore 
allowable for at least the reasons given above with respect to Claim 1. In addition, each 
of Claims 2-16, 33, and 35 introduces one or more additional limitations that 
independently render it patentable. For example, Claim 33 features the limitation 
"wherein said limited environment and said general environment are both implemented 
on the same machine," which, as explained above, is not disclosed, taught, or suggested 
by the cited art. Due to the fundamental differences already identified, to expedite the 
positive resolution of this case, a separate discussion of the limitations of Claims 2-16 
and 35 is not included at this time. The Applicant reserves the right to further point out 
the differences between the cited art and the novel features recited in the dependent 
claims. 

Claims 17-32 and New Claims 34 and 36 include limitations similar to Claims 1- 
16, 33, and 35, except in the context of computer-readable media. It is therefore 
respectfully submitted that Claims 17-32, 34, and 36 are patentable over Schnurer for at 
least the reasons given above with respect to Claims 1-17, 33, and 35. 

Claim Rejections - 35 U.S.C. S \03tii\ 
The Office Action rejects Claims 3, 5-6, 9, 1 1, 19, 21-22, 25, and 27 under 35 
U.S.C. § 103(a) as being unpatentable over Schnurer. This rejection is respectfully 
traversed. 
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As explained above, Claims 3, 5-6, 9, 11,19, 21-22, 25, and 27 each feature 
subject matter that is not disclosed, taught, or suggested by Schnurer. Assuming, 
arguendo, that the assertions of the Office Action were well known to those skilled in the 
art at the time of the invention, and further assuming, arguendo, that it would have been 
obvious to combine the approach of Schnurer with the Office Action's assertions, the 
resulting combination would still not result in the approach featured in the pending 
claims in view of the fundamental distinctions, discussed above, between the approach of 
Schnurer and the pending claims. 

Consequently, it is respectfully submitted that Claims 3, 5-6, 9, 11, 19, 21-22, 25, 
and 27 are non-obvious over Schnurer, and that each of the pending claims is in condition 
for allowance. 
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Conclusion 



For the reasons given above, Applicant submits that the pending claims are 
patentable over the art of record, including the art cited but not applied. Accordingly, 
allowance of all pending claims is respectfully solicited. 

The Examiner is invited to telephone the undersigned at (408) 414-1080 to 
discuss any issue that may advance prosecution. 

No fee is believed to be due specifically in connection with this Reply. The 
Commissioner is authorized to charge any fee that may be due in connection with this 
Reply to our Deposit Account No. 50-1302. 



Respectfully submitted, 



HICKMAN PALERMO TRUONG & BECKER LLP 



Dated: October d_ 9 2004 




Christopher J. Brokaw 
Reg. No. 45,620 



1600 Willow Street 



San Jose, California 95125-5106 
Telephone No.: (408) 414-1080 
Facsimile No. : (408) 414-1 076 
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